- Feb 27, 2016
- 118
cruelsister, for you and beyond Emsisoft, what antivirus have the best protection against Ransomware?.
Last edited:
More Fun with Ransomware Part 2
- Thread starter cruelsister
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
cruelsister, for you and beyond Emsisoft, what antivirus have the best protection against Ransomware?.
- May 11, 2014
- 1,639
So, how would Comodo react, I've adjusted all the settings you suggested (thanks), it just shows that the future antivirus software will HAVE to incorporate sandbox/virtualization technologies!
IMO, with a product like Comodo, whatever settings/customization you use, it needs know how, how the product & features work or else you will face prob like program not working, not connecting, etc...
- Apr 13, 2013
- 3,224
mamamia- I'm not a fan of any AV as they are defenseless against truw zero-day stuff, but I am sort of partial to Qihoo TS (nice startup monitor).
- Jun 21, 2014
- 107
mm, Qihoo?. I have read comments from users who say that Qihoo has not detected some ransomware.
- Jan 4, 2016
- 1,022
Quihoo is able to block lots of ransomware, but you will have troubles if them are not in their signatures (QVM II engine). Usually ransomware creates an other process from the original one, which will try to inject the code. Quihoo will prompt you that a process is about to inject code in an other process, and of course, if that is your host machine, you will click block. The problem is that Quihoo blocked only the second process, and the 1st one keeps creating new processes to try to inject code, and Quihoo will continue to block them but not Killing the one from which they are created (it will show the alert "blocked the following program on execution every two seconds). To completely kill the ransom, you can either kill his 1st process or reboot the system (The ransom won't execute again, tested in my VM)
Perfectly described.
No AV is perfect, but for my experience, most RW samples were already detected by cloud when I picked them out of the Hub. If not, some orange popups came up, mostly describing something is going to add an autostart entry or amend files, just as @TheMalwareMaster described. To my experience, the droppers went suicide after running most of the time (ShadowDefender environment).
- Jan 4, 2016
- 1,022
In my tests, the malware continues endlessly to create other processes that attempt to inject the code (until system is rebooted), which are stoppped by HIPS. The strange fact is that, if you SUD them the ransomware not flagged by QVMII, their reply is "sorry, we didn't find any malicious behaviour in this file". I can't really understand who is checking those files
Last edited:
Got that
Regarding the SUD issue, I notice that regularly, too, see the SUD reports at the Hub. Can't understand, some files clearly showed malicious behaviour (sometimes even blocked by QTS360 HIPS). Would love to get a Qihoo statement on that (@Qihoo 360 Support Team).
- Feb 27, 2016
- 118
So, according to your tests, What antivirus have the best protection against Ransomware?.
- Jan 4, 2016
- 1,022
Well, if you would like to use quihoo it's OK, but in my opinion it should be better using comodo firewall with your favourite antivirus, because you are able to use the auto-sandboxing technology, which is really fine at preventing ransomware
What if you don't trust Comodo and don't want to have anything to do with that devious company is there anything else that exists?
My wife has HitmanPro Alert installed on her desktop by me but now seeing that HPA failed to stop the ransomware makes me worry. She is running Webroot, HMPA and ESET Antivirus on the system.
My wife has HitmanPro Alert installed on her desktop by me but now seeing that HPA failed to stop the ransomware makes me worry. She is running Webroot, HMPA and ESET Antivirus on the system.
- Jan 4, 2016
- 1,022
Are you looking for something which blocks automatically or a manual tool like sandboxie?
For myself I use WinAntiRansom but I would rather choose something more automatic...my wife has no patience for popups.
- Jan 4, 2016
- 1,022
Using WinAntiransom you should just click ok If a ransomware la detected, right?
- Mar 15, 2011
- 13,070
@TheMalwareMaster : Yes because the notification is shown that the possible execution as blocked immediately.
- Jan 4, 2016
- 1,022
So, I don't really think that clicking an ok button requires patience, considering you don't have other options to choose and you are not downloading ransomware everyday. If you don't trust Comodo, I would make her using WinAntiRansom. Or, you can continue to use HPM alert. I think the chance you can get that particular type of ransomware (which, if I remember correctly, is only sent to particular industries now, and not to home users), that it can bypass ESET signatures is minimum. Better making a backup of all your data instead of buying a new software, considering you are already using alert
I got winantiransom and installed it....will see if she notices.
Any chance of sharing the hash and/or the sample you used for this video? Thanks
- Apr 13, 2013
- 3,224
Similar threads
